You’re thinking in terms of encryption, I’m thinking in terms of attestation. Eg, defend against root kits by way of validating all software components in the boot cycle.